{"containers": {"cna": {"affected": [{"product": "Cisco FireSIGHT unknown", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco FireSIGHT unknown"}]}], "datePublic": "2018-07-16T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a URL-based access control policy that is configured to block traffic for an affected system. The vulnerability exists because the affected software incorrectly handles TCP packets that are received out of order when a TCP SYN retransmission is issued. An attacker could exploit this vulnerability by sending a maliciously crafted connection through an affected device. A successful exploit could allow the attacker to bypass a URL-based access control policy that is configured to block traffic for the affected system. Cisco Bug IDs: CSCvh84511."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-693", "description": "CWE-693", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-07-17T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "104725", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104725"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-firesight-url-bypass"}, {"name": "1041284", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041284"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2018-0384", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco FireSIGHT unknown", "version": {"version_data": [{"version_value": "Cisco FireSIGHT unknown"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a URL-based access control policy that is configured to block traffic for an affected system. The vulnerability exists because the affected software incorrectly handles TCP packets that are received out of order when a TCP SYN retransmission is issued. An attacker could exploit this vulnerability by sending a maliciously crafted connection through an affected device. A successful exploit could allow the attacker to bypass a URL-based access control policy that is configured to block traffic for the affected system. Cisco Bug IDs: CSCvh84511."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-693"}]}]}, "references": {"reference_data": [{"name": "104725", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104725"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-firesight-url-bypass", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-firesight-url-bypass"}, {"name": "1041284", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041284"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:21:15.600Z"}, "title": "CVE Program Container", "references": [{"name": "104725", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/104725"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-firesight-url-bypass"}, {"name": "1041284", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1041284"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2018-0384", "datePublished": "2018-07-16T17:00:00", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2024-08-05T03:21:15.600Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B6FFC36B-7EC9-48C2-87B0-E267EBF04779", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2AC1B12A-A2EC-4C24-AEBC-944AE2939458", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "9641FE9B-BC9F-472F-B53B-F4287EE2F17A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1895BC03-A0B4-4AE8-8EB5-DAFC913E4B2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "99479490-9BB9-40BD-B4FB-A23D81E48631", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a URL-based access control policy that is configured to block traffic for an affected system. The vulnerability exists because the affected software incorrectly handles TCP packets that are received out of order when a TCP SYN retransmission is issued. An attacker could exploit this vulnerability by sending a maliciously crafted connection through an affected device. A successful exploit could allow the attacker to bypass a URL-based access control policy that is configured to block traffic for the affected system. Cisco Bug IDs: CSCvh84511."}, {"lang": "es", "value": "Una vulnerabilidad en el motor de detecci\u00f3n de Cisco Firepower System Software podr\u00eda permitir que un atacante remoto sin autenticar omita una pol\u00edtica de control de acceso basada en URL que est\u00e1 configurada para bloquear el tr\u00e1fico para un sistema afectado. La vulnerabilidad existe debido a que el software afectado gestiona incorrectamente los paquetes TCP que se reciben fuera de orden cuando se lanza una retransmisi\u00f3n TCP SYN. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una conexi\u00f3n maliciosamente manipulada a trav\u00e9s de un dispositivo afectado. Un exploit exitoso podr\u00eda permitir que el atacante omita una pol\u00edtica de control de acceso basada en URL que est\u00e1 configurada para bloquear el tr\u00e1fico para un sistema afectado. Cisco Bug IDs: CSCvh84511."}], "id": "CVE-2018-0384", "lastModified": "2019-10-09T23:31:56.443", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-16T17:29:00.643", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104725"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041284"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-firesight-url-bypass"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-693"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-693"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

{}